[ovs-dev] timeval: Fix buffer overflow if msec is out of range.

Message ID e69-6745b200-5-62ab6480@238479372
State Not Applicable

Commit Message

Виталий Листратенко Nov. 26, 2024, 11:33 a.m. UTC
If tm->msec is negative or more than 999, a stack buffer overflow happens.
A possible solution is to keep msec in the range [0..999].
Testing was performed via libFuzzer.
Signed-off-by: Vitaly Listratenko <vlistratenko@astralinux.ru>
 
---
Patch

diff --git a/lib/timeval.c b/lib/timeval.c
index 10c1b9ca1..d29105053 100644
--- a/lib/timeval.c
+++ b/lib/timeval.c
@@ -865,7 +865,8 @@  strftime_msec(char *s, size_t max, const char *format,
        char decimals[4];
        char *p;

-        sprintf(decimals, "%03d", tm->msec);
+        int msec = tm->msec > 999 ? 999 : (tm->msec < 0 ? 0 : tm->msec);
+        sprintf(decimals, "%03d", msec);
        for (p = strchr(s, '#'); p; p = strchr(p, '#')) {
            char *d = decimals;
            while (*p == '#')  {
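
Review bot: the added sprintf(decimals, "%03d", msec) still writes into the 4-byte decimals buffer with no length limit, so the fix holds only as long as the clamp on the line above stays correct. Switching to snprintf(decimals, sizeof decimals, "%03d", msec) would bound the write regardless of the value. Separately, the clamp silently turns an out-of-range tm->msec into 0 or 999, which produces a plausible-looking timestamp and hides whichever caller supplied the bad value. A short comment explaining why clamping was chosen, or a warning when the value is out of range, would help. The nested ternary would also read more clearly as two plain if statements.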